<cryptographic_key>
kind="PublicKey"
type="NOC's Primary Key"
format="RSA"
encryption="3DES"
modulus="0x ... 01"
modulus_bits="1024"
public_exp="0x03"
</cryptographic_key>




<firewall_rule>
protocol="tcp"
direction="in"
src_ip_mask="$any"
src_port="1024:65535"
dst_ip_mask="$1"
dst_port="21"
action="ACCEPT"
rule_number="1"
</firewall_rule>



Fig. 12 



Flowchart text recovered from the drawing (reference numerals 1310, 1320, 1370, 1380, 1391, 1392; branch labels YES, NO):

CONTACT GATEWAY(S) ON TRUSTED PARTNER LIST
ATTEMPT TO ESTABLISH A TUNNEL TO GATEWAY(S) ON TRUSTED PARTNER LIST
ESTABLISH A TUNNEL TO OTHER GATEWAY
ORIGINATING GATEWAY WAITS FOR DESTINATION TO ESTABLISH A TUNNEL
EXCHANGE INFORMATION THROUGH TUNNEL
EXCHANGE INFORMATION THROUGH TUNNEL
ORIGINATING GATEWAY OPENS A TUNNEL
EXCHANGE INFORMATION THROUGH TUNNEL
EXCHANGE INFORMATION THROUGH HAIRPIN



FIG. 13 




FIG. 15B 



Flowchart text recovered from the drawing (reference numerals 2200, 2210, 2215, 2220, 2230, 2240, 2250):

DETERMINING HAIRPIN IS NEEDED
AUTHORIZING HAIRPIN
REQUESTING HAIRPIN
CREATING HAIRPIN
ESTABLISHING CONNECTIONS TO HAIRPIN
EXCHANGING INFORMATION



FIG. 15C 



Flowchart text recovered from the drawing (reference numerals 1710, 1720, 1750, 1760, 1770, 1780):

CONNECTING TO NOC
RETRIEVING GATEWAY SHARED SECRET
NEGOTIATING A TUNNEL
INITIALIZING GATEWAY
SIGNING-ON TO NOC
EXCHANGING CONFIGURATION INFORMATION
DISCONNECTING
GENERATING ALARM



FIG. 17 



Block diagram labels recovered from the drawing (reference numerals 610, 1800, 1821, 1822, 1823, 1824, 1830, 1831, 1832, 1833, 1834, 1840, 1860, 1861, 1862):

PC1.1 ... PCN.n
PC2.1 ... PC2.n
HUB, GATEWAY 1, IAD1
HUB, GATEWAY 2, IAD2
GATEWAY 3, IAD3
HUB (1861), COMPUTER (1862)
NOC

FIG. 18



Flowchart text recovered from the drawing:

1910: RECEIVING MONITOR AND CONTROL INFORMATION FROM ONE OR MORE GATEWAYS
1920: (decision; branch labels NO, YES)
1930: THE FIRST GATEWAY RE-ESTABLISHES A TUNNEL WITH THE NETWORK OPERATIONS CENTER
1940: STORING THE NEW ADDRESS
1950: NOTIFYING ALL THE GATEWAYS THAT ARE ON THE FIRST GATEWAY'S PARTNER LIST OF THE NEW ADDRESS TO ENABLE TUNNEL REESTABLISHMENT TO EACH GATEWAY



FIG. 19 



Flowchart text recovered from the drawing (reference numerals 2010, 2020, 2030, 2040, 2050, 2060):

ESTABLISHING A TUNNEL BETWEEN THE FIRST GATEWAY AND SECOND GATEWAY
FIRST GATEWAY PROPOSES A FIRST INTERMEDIATE ADDRESS SPACE
SECOND GATEWAY PROPOSES A SECOND INTERMEDIATE ADDRESS SPACE
NEGOTIATE ACCEPTABLE FIRST AND SECOND ADDRESS SPACES
SEND FIRST AND SECOND ADDRESS SPACES TO NOC
TRANSLATE TO/FROM INTERMEDIATE ADDRESS SPACE



FIG. 20 



Administrator(1) accesses administration server from behind gateway(1)

Administrator(1) enters login_id and password

Administration server verifies login_id and password and verifies Administrator(1) behind a gateway(1) for which they have permissions

Administrator(1) opens screen for exporting gateways

Administration server supplies Administrator(1) with names of potential gateways to export

Administrator(1) enters name of domain to which names are to be exported

Administrator(1) selects names of gateways to export

Administrator(1) selections sent to administration server

Database server stores information on selected gateways for which administrator has permission

Administrator(2) for gateway(2) logs on to administration server (entering login_id and password)

Administration server verifies login_id and password and that they are behind a gateway for which they have permissions

Exported names added to list of potential partners for gateway(2)



Fig. 22 







Screenshot residue: window titled "Extranet Import - Microsoft Internet Exp" with a Domains list (B57C01, &70C01, C01, B81C01, CO 00400), an Actions column of Accept checkboxes, and Cancel, Apply and Help buttons. Reference numerals: 2400, 2410, 2412, 2430, 2432, 2434.



Fig. 24 







Flowchart text recovered from the drawing (reference numerals 3410, 3415, 3425, 3430, 3435, 3440, 3445, 3450):

Access the Network Operation Center (NOC)
Login as Administrator
Notify Virtual Network Administrator
Transmit Gateway IP address to NOC
Assign Virtual Address to Gateway
Download Gateway Code & Information from NOC
Execute Gateway Code
Download Network Configuration Information from NOC



FIG. 34 



Flowchart text recovered from the drawing (reference numerals 3510, 3515, 3520, 3530, 3535, 3540, 3545, 3550, 3555, 3560, 3565, 3570, 3580):

Determine Software Version on Gateway
Schedule Time for Upgrade
Download an Upgrade from Network Operation Center (NOC)
Wait Until Scheduled Time
Install Upgrade
Change Active Partition
Access NOC
Revert to Previous Gateway Configuration
Access NOC
Notify NOC
Notify VPN Administrator
End



FIG. 35 



Flowchart text recovered from the drawing (reference numerals 3610, 3620, 3625, 3630, 3635, 3640; branch labels N, Y):

Network Operations Center (NOC) Sends Keep-Alive Packets to Gateway
NOC Computes Round-Trip Packet Delay
NSP Latency = Round Trip Delay / 2
NOC Collects NSP Latency Statistics
Notify Administrator for Virtual Network



FIG. 36 



Flowchart text recovered from the drawing (reference numerals 3810, 3815, 3820, 3825):

Detect Event at Network Operation Center (NOC)
Notify NOC Administrator
Notify VPN Administrator
Log Problem Report



FIG. 38 




FIG. 39 



Flowchart text recovered from the drawing (reference numerals 4010, 4020, 4025, 4030, 4035):

GW1 Sends Packets Through Tunnel
GW2 Receives and Retransmits Packets Through Tunnel
GW1 Computes Round-Trip Packet Delay
Tunnel Latency = Round Trip Delay / 2
GW1 Collects Tunnel Latency Statistics
GW1 Transmits Tunnel Statistics to NOC
NOC Receives and Archives Tunnel Latency Statistics




FIG. 40 



<monitoring_information>
name="org-name"
data="tod_interval_min_max_avg"